ID CVE-2020-14578
Summary Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update261:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update251:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
    cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storagegrid:9.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storagegrid:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storagegrid:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storagegrid:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storagegrid:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storagegrid:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storagegrid:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storagegrid:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
    cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
  • cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
    cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
CVSS
Base: 4.3 (as of 27-10-2022 - 22:59)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el7_8
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_2
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.262.b10-0.el6_10
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_0
  • java-1.8.0-openjdk-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-accessibility-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-debugsource-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-openjdk-src-1:1.8.0.262.b10-0.el8_1
  • java-1.8.0-ibm-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-demo-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-devel-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-headless-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-plugin-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-src-1:1.8.0.6.15-1.el8_2
  • java-1.8.0-ibm-webstart-1:1.8.0.6.15-1.el8_2
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el6_10
  • java-1.7.1-ibm-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.70-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.70-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.6.20-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.6.20-1jpp.1.el7
refmap via4
confirm
debian DSA-4734
fedora
  • FEDORA-2020-508df53719
  • FEDORA-2020-e418151dc3
gentoo GLSA-202008-24
misc https://www.oracle.com/security-alerts/cpujul2020.html
mlist [debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update
suse openSUSE-SU-2020:1893
ubuntu USN-4453-1
Last major update 27-10-2022 - 22:59
Published 15-07-2020 - 18:15
Last modified 27-10-2022 - 22:59
Back to Top